1. Introduction and general terms
De Buck Gallery, a company registered as DE Art International, LLC, forms part of an international commercial gallery, operating in New York (“De Buck”, “we”, “us” or “our” in this policy), and represents artists worldwide (“Services”).
Telephone: United States: 1 212-255-5735
De Buck is committed to protecting and respecting your privacy. This policy explains the basis on which personal information we collect from you will be processed by us. Where we decide the purpose or means for which Personal Data you supply through these Services is processed, we are the “data controller” for the General Data Protection Regulation 2016/679.
This policy explains the following:
- What information De Buck may collect about you;
- How De Buck will use information we collect about you;
- Whether De Buck will disclose your details to anyone else; and
- Your choices and rights regarding the personal information you have provided to us.
Our Services may require the use of third parties. These third party websites may have their own privacy policies and we recommend you review them. We do not accept any responsibility or liability for the privacy practices of such third parties and your use of them is at your own risk.
2. What information will De Buck collect about me?
We collect and process the following information which may include your Personal Data.
Information provided by you when using our Services
You may give us information about you by filling in forms when using our Services, signing up to our newsletter or contacting us with inquiries. Such information can include:
- Identity and contact data: including your name, username, address, telephone number and e-mail address; and
- Profile Data: including artwork information, artworks owned, requested, offered, reserved, purchased, consigned and details of artwork invoices.
3. Personal data
A. Payment Information
In order for you to use all the functions of our Services we may collect payment information from you including your credit card number and bank account details.
B. Information about you collected from Third Parties
We may collect Personal Data about you from third party service providers. This includes information about your credit history from credit agencies, or information to check your identity and prevent fraud or other illegal activities.
DE BUCK utilizes so-called “cookies” on its Website, i.e. small files containing text information that are placed on your hard drive (“Cookies”) whenever you call up the Website. The Cookie will be used to store certain information about the specific terminal device you are using. This does not mean, however, that we will obtain direct knowledge of your identity in the process.
The data processed by the Cookies are required for the aforementioned purposes in order to allow us to pursue our legitimate interests and to allow third parties to purse their legitimate interests pursuant to Article 6 paragraph 1 sentence 1 lit. f) of the GDPR.
D. Deployment of analytics and tracking technologies
We use the analytics and tracking technologies, respectively technologies offered by third-party-provider, described below; we do so on the basis of Article 6 paragraph 1 lit. f) of the GDPR for the following purposes (among others):
- To perform data analyses;
- To collect statistics on the use of our Website and to evaluate them so as to optimize our offering;
- To enhance and manage our offering on an ongoing basis;
- To optimize our advertising measures and quantify their success; and
- To provide you with advertising.
These are legitimate interests within the meaning of the aforementioned statutory provision.
E. Google Analytics
Google has been certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificate is available online for inspection under https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. However, your IP address will first be shortened on our Website by Google within Member States of the European Union or in other states signatory to the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be transferred to a Google server in the Unites States and shortened there.
Google will use this information on our behalf in order to analyze your usage of our Website, to compile reports on Website activities for us, and to provide us with other services relating to Website and internet usage. In certain cases, this information may also be transferred to third parties, insofar as this is mandated by the law or insofar as third parties have been commissioned with processing the data. Google will not merge your IP address with other data held by Google.
You can block the storage of the relevant Cookie in your browser by configuring your browser settings accordingly. Please be advised, however, that this may prevent you from using all the functions of our Website to their full extent.
In addition, you can prevent Google from recording the data generated by the Cookie regarding your usage of the Website (including your IP address) and from processing such data by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For further information on data protection in connection with Google Analytics, please navigate to the “Help” section of Google Analytics via the following link: http://google.com/intl/de/analytics/privacyoverview.html.
F. Google AdWords Conversion Tracking
Google will use this information on our behalf to generate visitor statistics for our Website. We will use these visitor statistics to determine the total number of users referred to us by AdWords advertisements and to optimize our AdWords advertising efforts accordingly. This information may also be transferred to third parties insofar as this is mandated by law or insofar as third parties process these data on a commissioned basis. Neither we nor any other advertising customers of Google AdWords will receive information from Google that allows you to be personally identified.
The information generated by the Cookie so placed on your computer concerning your usage of our Website (including your IP address) will be transferred to a Google server located in the United States and stored there. As explained above, Google has been certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificate is available online for inspection under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. However, your IP address will first be shortened on our Website by Google within Member States of the European Union or in other states signatory to the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there.
You can prevent the storage of these Cookies in your browser by configuring your browser settings accordingly. Please be advised, however, that this may prevent you from using all the functions of our Website to their full extent.
Furthermore, you can object against interest-based advertising from Google. To do this, you must go to www.google.de/settings/ads from each of the internet browsers you use and then make the desired setting changes.
G. Google Tag Manager
We also use Google Tag Manager. This service allows website tags to be managed by way of a user interface. Tags are small code elements the purpose of which includes measuring traffic and visitor behavior. Google Tag Manager merely implements such tags. This does not cause any Cookies to be placed, meaning that no Personal Data will be recorded. Google Tag Manager triggers other tags which may themselves record data under certain circumstances. Google Tag Manager does not access these data, however. Once the deactivation function has been selected at the domain or Cookie level, it will remain in effect for all tracking tags implemented by Google Tag Manager.
H. Use of social plug-ins
Our Website makes use of the so-called “social plug-ins” of social networks, e.g. Facebook, Instagram, YouTube, Twitter, WeChat and Sina Weibo (Facebook, Instagram, YouTube, Twitter, WeChat and Sina Weibo being collectively referred to hereinbelow as “Social Networks” and the corresponding plug-ins as “Plug-ins”). With these Plug-ins, we offer you the option to interact with the Social Networks and with other users, which allows us to improve our offering and to make it more appealing to you, while at the same time raising awareness of our enterprise. The legal basis for the use of social Plug-ins is Article 6 paragraph 1 sentence 1 lit. f) of the GDPR. Responsibility for ensuring data protection-compliant operations lies with the respective provider.
We use the Plug-ins of the Facebook network, such as the “Like” button. These Plug-ins are offered and operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”), and are clearly designated by the Facebook logo. In addition, we utilize Plug-ins of the Instagram service, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”). These Plug-ins are designated by the Instagram logo. We also use the Plug-ins of the YouTube network, which is owned by Google Inc., San Bruno, California, USA (“YouTube”), whereby the YouTube logo serves as the designator. Our Website also features Plug-ins which are integrated, offered, and operated by the Twitter service owned by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”), these Plug-ins are designated by the Twitter logo or the suffix “Tweet.” We furthermore utilize the Plug-ins of the WeChat network, which is offered and operated (for users in the EEA) by Tencent International Service Europe B.V., a Dutch company with its registered office in 26.04 on the 26th floor of Amstelplein 54, 1096 BC Amsterdam, Netherlands, and (for users outside the EEA, Switzerland or the People’s Republic of China (excluding Taiwan, Hong Kong and Makau) Tencent International Service Pte. Ltd., a company based in Singapore at 10 Anson Road, #21-07 International Plaza, Singapore 079903 (“WeChat”); these Plug-ins are designated by the WeChat logo. Finally, we utilize the Plug-ins of the Sina Weibo network operated by Sina Corporation, 37F, Jin Mao Tower, 88 Century Boulevard, Pudong New District, Beijing NEJ 00000, China (“Sina Weibo”), which are designated by the Sina Weibo logo.
Whenever you access a web page of ours that contains this type of Plug-in, your browser will establish a direct connection to the server of the respective Social Network. The content of the Plug-in will be transferred directly to your browser from the corresponding Social Network and will be integrated into the Website without our being able to exercise any control over said content.
Regardless of whether you maintain a user account with a Social Network or whether you have logged on to the respective Social Network, web pages that contain Plug-ins from that Social Network will transfer information to the corresponding Social Network in the USA, Singapore or China, where this information will be stored. This will include the type and version of your operating system and browser, respectively, as well as your IP address and the domain name and/or date stamp, respectively time stamp, associated with your visit. Each time the web page is called up, the respective Social Network will deposit a Cookie containing an identifier that will remain valid for two years. Since your browser automatically co-transmits this Cookie each time a connection is established with a server, the corresponding Social Network fundamentally would be able to generate a profile of the online web pages called up by the user associated with the identifier. If you have logged on to the respective Social Network at the time, said Social Network will be able to match up the profile to the user account you maintain with that Social Network and thus to you personally. But even if you are not logged in to the respective Social Network when you use our Website, this will not preclude such a match-up from occurring, for example when you log in with the corresponding Social Network at some later time.
Whenever you interact with these Plug-ins, e.g. by activating the “Like” or “Tweet” button or by posting a comment, the corresponding information will be sent from your browser directly to the corresponding Social Network and stored there, without our being able to exert any influence in this regard. The information will also be published on the Social Network and will be displayed to your contacts on said network.
For Facebook: http://de-de.facebook.com/policy.php;
For Instagram: https://help.instagram.com/519522125107875?helpref=page_content;
For YouTube: https://policies.google.com/privacy?hl=de;
For Twitter: http://twitter.com/privacy;
For WeChat: https://www.wechat.com/en/privacy_policy.html; and
For Sina Weibo: https://www.whatsonweibo.com/privacy-policy/.
The above links will also guide you to additional information on your relevant rights and configuration options when it comes to protecting your privacy. Facebook/Instagram, YouTube/Google, and Twitter are certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificates are available online for inspection here:
For Facebook/Instagram: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC.
For YouTube/Google: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
For Twitter: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
If you, as the user of a Social Network, wish to prevent the corresponding Social Network from collecting information regarding you during your visit to our Website, you can log out of that Social Network when commencing your visit to the Website, erase the corresponding Social Network’s cookie (if one exists) from your browser, and select the “Block Third-Party Cookies” function on your browser. In this case, your browser will not transfer any Cookies to the servers in the event of embedded content of other providers. Note, however, that this configuration, besides blocking the Plug-ins, may also cause certain functions extending across webpages to become unavailable.
Subject to your consent, which can you can grant when registering on our Website, we will email you our newsletter regarding our goods and services or the goods and services of our Affiliated Companies, insofar as we believe they may be of interest to you.
You can object at any time against having data concerning you used for direct advertising purposes with effect for the future, and you can unsubscribe from the newsletter by clicking the corresponding link included in each newsletter email, or by emailing a corresponding declaration to: firstname.lastname@example.org.
We reserve the right to email you offers for goods and services also without your consent insofar as they are similar to ones you have already purchased. You have the right to object at any time against having your data processed for advertising purposes by emailing us a corresponding declaration at email@example.com, or by clicking on the corresponding link in our newsletter. This will not give rise to any costs other than the base rate of transmission costs.
The legal basis for processing your data for purposes of sending out newsletters is Article 6 paragraph 1 sentence 1 lit. a), respectively lit. f), of the GDPR.
For the purpose of sending you emails and our newsletter, we use the newsletter distribution platform MailChimp offered by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA (“MailChimp”). To this end, the personal data concerning you are transmitted to MailChimp servers in the USA and will be stored there. MailChimp has been certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificate is available online for inspection under: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG.
MailChimp offers comprehensive opportunities to analyze how newsletters are opened and used. In order to evaluate user behavior, the emails sent out include so-called web beacons, respectively tracking pixels, which are one-pixel image files that are stored on our Website. In order to perform analyses, we and/or MailChimp will merge the data collected from you and the web beacons with your email address and an individual ID. The links sent in the newsletter also include this ID. We will use the data obtained in this way to create a user profile to allow us to customize the newsletter to your personal interests. In the process, we will capture the time at which you read our newsletters, on which links you click in the newsletters, and will deduce your personal interests from this conduct. We will merge these data with the actions you have taken on our Website. MailChimp can by its own admission also use this data to enhance or improve its own services, e.g. to technically enhance the dispatch procedure and display of the newsletter or for commercial purposes to be able to determine which countries the recipients are from. However, MailChimp will not use the data of our newsletter recipients to contact them itself or forward it to third parties.
4. Data sharing
In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
5. How we will use information we collect about you and who we will share it with
Providing the Services to you as a prospective or existing client
We may legally use and retain your Personal Data where we need to perform the contract we are about to enter into or have entered into with you, such as:
- For registering you as a new client;
- Processing purchases including any shipping details for delivery of the artwork; and
- Keeping track of contractual agreements;
We may also legally use and retain the Personal Data you provide to us when requesting our Services, to pursue our legitimate interest of providing our Services to you, such as:
- Keeping track of artworks offered to you in order to understand your preferences and purchase history and allow us to offer relevant artwork to you when it comes in;
- Responding to your enquiries; and
- Providing you with information and updates about the Services we offer;
We may analyse certain types of information that you submit to us for the legitimate interest of improving the Services we offer to you and to provide you with a bespoke, tailored service and art advisory and consultancy service, based on your preferences, recommendations, interests and previous purchases and location.
We may share your Personal Data with our selected third party providers and suppliers for the performance of delivering our Service under the contract between you and De Buck, including processing payments and delivering artwork to you in accordance with your instructions. Our third party suppliers will have their own processing terms.
We may use a third party payment Services provider to process payment for our Services, Chase Paymentech, the payment processing service of JP Morgan Chase, who will store, collect and process your payment details over SSL (Secure Sockets Layer). When using Chase Paymentech, our servers will not have access to your sensitive payment details.
Providing the Services and acting for you as an artist or prospective artist
We may legally use and retain Personal Information that we collect about you for the legitimate interest of providing a bespoke artist consultancy and representation service to you, such as:
- Promoting and selling your artwork to relevant clients based on their preferences and previous purchases;
- Retaining a personal profile of you and your artwork to provide clients with background information, and market your artwork accordingly;
- Responding to your inquiries; and
- Providing you with information and updates about our Services and upcoming exhibitions.
Compliance and prevention of Fraud and Illegal Activity
We may process Personal Data for the legitimate interests of ensuring that use of our Services is lawful and non-fraudulent, does not disrupt the operation of our Services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations, including compliance with anti-money laundering regulations (if and where applicable).
We process Personal Data for the legitimate interest of complying with HMRC requirements by retaining records of customer purchases and transactions.
Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.
We use various forms of marketing to provide you with promotional materials about our Services.
We may process your contact information that you provide to us (either via our website or through use of our Services) for the purposes of marketing in accordance with our legitimate interests to send you information about gallery exhibitions and events. We may use third party email providers, such as Mailchimp, to process these marketing emails.
6. Your rights in relation to personal data which we process relating to you
You have the following rights over the way we process Personal Data relating to you. We aim to comply without undue delay, and within one month at the latest.
Ask for a copy of data we are processing about you and have inaccuracies corrected
You have the right to request a copy of the personal information we hold about you and to have any inaccuracies corrected.
We will use reasonable efforts to the extent required by law to supply, correct or delete personal information held about you on our files (and with any third parties to whom it has been disclosed).
Object to us processing data about you
You can ask us to restrict, stop processing, or to delete your Personal Data by contacting us at firstname.lastname@example.org if:
- De Buck no longer needs to process that Personal Data for the reason it was collected;
- De Buck is processing that Personal Data because it is in the public interest or it is in order to pursue a legitimate interest of De Buck, you don’t agree with that processing, and there is no overriding legitimate interest for us to continue processing it;
- the Personal Data was unlawfully processed;
- you need the Personal Data to be deleted in order to comply with a legal obligation;
- the Personal Data is processed in relation to the offer of a service to a child.
If you inform us that you would no longer like us to store or process your Personal Data then we may not be able to offer you a fully tailored, bespoke service.
Obtain a machine readable copy of your Personal Data, which you can use with another service provider
- If we are processing data in order to perform our obligations to you, if that processing is carried out by automated means, we will help you to move, copy or transfer your Personal Data to other IT systems.
- If you request, De Buck will supply you with the relevant Personal Data in CSV format. Where it is technically feasible, you can ask us to send this information directly to another IT system provider if you prefer.
Make a complaint to a Supervisory Authority
- If you are unhappy with the way De Buck is processing your Personal Data, please let us know.
- If you do not agree with the way we have processed your data or responded to your concerns, an alternative is to submit a complaint to a Data Protection Supervisory Authority.
7. Data retention
We do not knowingly solicit data from or market to children under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at email@example.com . We will delete such information from our files within a reasonable time.
We will take all reasonable technical and organizational precautions to prevent the loss misuse or alteration of your personal information.
Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
We will notify you of any changes to this policy by email, notice on the website or account message.
11. Internation data transfers
Where we transfer your data outside of the EEA in respect of the transfer to the above affiliates, we have agreements in place with those parties which include standard data protection clauses adopted by a data protection regulator and approved by the European Commission to ensure that appropriate safeguards are in place to protect your Personal Data. If you would like to find out more about these safeguards, please let us know by writing to firstname.lastname@example.org.
12. Information for California residents subject tot the California consumer privacy act
The CCPA provides California residents with certain rights regarding their Personal Information.
The Personal Information We Collect
- Identifiers and certain “Personal Information” as defined in California Civil Code section 1798.80, subsection (e);
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other information regarding a consumer’s interaction with the Site;
- Internet or similar network activity; and
- Geolocation data.
Purpose of Collecting Consumer Information – How We Use It
How California Residents Can Exercise Their Rights Under the CCPA
California residents have the right to (1) learn about the categories and particular personal information De Buck has collected about them; (2) obtain a copy of their personal information that De Buck has collected; and (3) ask De Buck to delete their personal information. This section explains how to exercise those rights.
Requests For Access To Information Collected About You By De Buck
If you would like to make a request that De Buck disclose to you information about our collection or use of your Personal Information, you can call us at 1 212-255-5735, or email us at email@example.com. Please note, De Buck may need to obtain specific information from you to confirm your identity and to ensure that you have the right to access information and exercise certain rights under the CCPA. As a result, a De Buck representative may contact you to request additional information to verify your identity.
Disclosure of Information
Once your identity is verified, De Buck will disclose to you the Personal Information you have requested, including:
- The categories of Personal Information about you De Buck has collected;
- The specific pieces of Personal Information about you De Buck has collected;
- The categories of sources from which De Buck collected your Personal Information;
- De Buck’s business or commercial purpose(s) for collecting your Personal Information;
- The categories of third parties with whom De Buck shared your Personal Information; and
- If we disclosed Personal Information about you for a business purpose, the categories of information that each category of recipient received.
Deletion of Information
Once your identity is verified, you can request De Buck to delete the Personal Information we have collected from you. There are certain exceptions and De Buck reserves the right to deny your request if retaining the information is necessary for De Buck or our Service Providers to:
- Complete the transaction for which we collected your information, provide a service requested by you, continue the ongoing business relationship with you within the reasonably anticipated context of that relationship, or perform a contract between you and De Buck;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity;
- Debug to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another California resident to exercise his or her right of free speech, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act;
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws;
- Enable solely internal uses that are reasonably aligned with the expectations of you based on your relationship with us;
- Comply with legal obligations;
- Otherwise use your information, internally, in a lawful manner that is compatible with the context in which you provided the information; or
- Provide employment and related benefits.
California Residents’ Right to Opt Out or Opt In
California residents have the right to opt out of having their Personal Information sold to third parties. We do not currently sell your information and we have not done so in the preceding 12 months. As described above, we may share your Personal Information with our Affiliates, the Program Affiliates, and our Service Providers.
Appointment of Agent to Assist You
You have the right to appoint an agent to make requests under the CCPA to obtain or delete information about you. Such authorization must be done in writing and De Buck may deny a request if the agent does not submit sufficient proof that you authorized the agent to act on your behalf.
California Residents’ Right of Non-Discrimination
De Buck may not discriminate against a California resident because the resident exercised rights under the CCPA, including, but not limited to, by:
- Denying you goods or services;
- Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
- Providing you a different level or quality of goods or services; or
Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Phone: 1 212-255-5735
DE Art International LLC
C/O Chiong & Wan CPAS PC
485 Madison Avenue, Suite 1600
New York, NY 10022